<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2020/5/16
 * Time: 15:11
 */
namespace app\common\controller;

use think\facade\Cache;
use think\facade\Db;
use think\facade\Log;

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization,token");
header('Access-Control-Allow-Methods: GET, POST, PUT,DELETE,OPTIONS,PATCH');

class ApiBase extends Base
{
    protected function _initialize()
    {
        parent::_initialize();

        $key = input('key');
        $uid = input('uid');
        $openid = base64_decode($key);
        $secrectKey = Cache::get($key);

        if(empty($key) || empty($uid))
            return json_encode(['code'=>0,'msg'=>'无权限访问该接口']);

        if(!$secrectKey)
            return json_encode(['code'=>0,'msg'=>'无权限访问该接口']);

        $secrectKeyUID = Db::name('employee')->where('id',$uid)->value('app_secrect');
        $session_key = Db::name('employee')->where('openid',$openid)->value('app_secrect');
        if($session_key !=  $secrectKey && $secrectKeyUID != $secrectKey)
            return json_encode(['code'=>0,'msg'=>'无权限访问该接口']);
    }
}